The firmware of a cloud server is one of the latest vulnerabilities hackers can exploit granting them unauthorised access to data held on said servers.
Eclypsium released a report outlining the overlooked vulnerability. It found providers renting bare-metal servers re-provisioned it and reclaimed the server. An underlying problem here included the act of removing the data once the service provided to the previous customer ended. It allowed a hacker to implant malware in the motherboard and install backdoors and rootkits. Consequently, they could access data of the next customer causing the intended malicious damage.
Basing its research on IBM SoftLayer technology, Eclypsium further discovered the channels of the intelligent platform management bus/bridge operated session-less. This meant it did not require authentication on system interfaces. Eclypsium found that they could modify the firmware, implant spyware and still successfully obtain full access to the system. This tactic was through the baseband management controller.
What is a Bare Metal Cloud Server?
A Bare Metal Cloud is a public cloud, ideal for big data storage because of its customisation features for organisations. Although the cloud provider stores data on a public cloud, it takes away the need for virtual machines to share the server. Instead, bare metal cloud servers designate space to users. Additionally, it allows multiple customers to communicate when there is more than one baseboard management controller. A baseboard management controller, on the other hand, is a server component, in this case, the firmware with interfaces that allow for remote access of organisations to connect and control the server from its PC. It is because of this controller, the vulnerability possible.
Eclypsium notified IBM SoftLayer Technology of its discovery, who then published the vulnerability yesterday. It stated its efforts to remediate the problem. It classified the issue as a low severity due to the its perceived limited processing power a baseboard management controller had. IBM further reassured its customer that their networks were all private and separate from other client’s baseboard management controller. IBM’s issued the following statement regarding its remediation efforts:
“IBM has responded to this vulnerability by forcing all BMCs, including those that are already reporting up-to-date firmware, to be reflashed with factory firmware before they are re-provisioned to other customers. All logs in the BMC firmware are erased and all passwords to the BMC firmware are regenerated.”